IPv4-Mapped IPv6 Address used in DNS with AAAA-records
Gert Doering
gert at space.net
Fri Jul 28 15:56:23 CEST 2023
Hi,
On Fri, Jul 28, 2023 at 11:40:24AM +0100, Nick Hilliard wrote:
> If the client host is dual-stacked, or
> ipv6-single-stacked, then unless there are mitigations in the client tcp
> stack, a tcp connection attempt may be made.
This is is all OS stack quirks, but if "all you have is a single socket
on a dual-stack machines", v4 connects will show up on a v6 socket as
magic v6 addresses...
So, in reverse, by specifying v4-mapped v6 addresses on the socket API
(on OSes that have that particular kernel path (*)), you get a v4 connect
on a v6 socket.
Thus, for a dual stack machine, I expect this to actually work on many
cases - and on a v6-only machine, I expect this to fail fast, because
the network layer will return "no route to host" or something.
But indeed, testing :-)
Gert Doering
-- NetMaster
(*) OpenVPN ran into this in many interesting ways, with replies like
"oh we just forgot to implement this particular edge case" from kernel
developers... in retrospective, we should all have followed the OpenBSD
approach to make v6-sockets v6, and v4-sockets v4, and disallow any
mixing.
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
More information about the ipv6-ops
mailing list